Audit logs: This is where network and database activity is recorded, mainly who, what, and when the activity was performed. The purpose of this is to record how any system was used, on discovery of an issue to allow the possible cause to be tracked and to alert administrators to suspicious activity.
Firewall configurations: A firewall can be hardware or software. This is where traffic into and out of the computer system is controlled, allowing or disallowing traffic to enter or leave the network. This is done by the use of rules configured by the admin or user depending on the situation. Rules may include for example blocking certain IP addresses to disallow any traffic to and from a certain IP or blocking a domain name and preventing any traffic to and from the web server.
Virus checking software: This is an application which runs in the background and will scan any file as it is opened and check the contents against a virus database called a dictionary which contain ‘fingerprints’ on viruses. The anti-virus software will update its dictionary automatically or when scheduled by the user, it will check all running programs, emails and carry out heuristic analysis (used to discover new viruses or when a virus has replicated itself in a special manner).
Use of Virtual Private Networks (VPN): This is an established connection between two computer systems over a public network such as the internet. This is done by the use of a tunnel which is an agreed route for encrypted traffic. This creates a trusted connection on a system which is not trusted. This helps prevent packet sniffing and fraudulent authentication.
Intrusion detection systems: This monitors network activity for someone trying to break in or compromise a system. Some of these systems are passive and will record any suspicious activity for the network administrator and others are reactive which will try to reconfigure the firewall automatically to block the intrusion.
Passwords: This is a word that must be entered to allow access to the system which is chosen by the user. Many organisations have password policies, for example, not to write down the password, change the password every month or so or to choose a password which is not contained within a dictionary. Many systems will lock a user out after 3 password attempt, then the user must go to the network administrator and provide suitable proof of identity and either remind the user of the password or create a new one.
Levels of access to data: This is used to control how data may be access or used by a user. Levels include, read privilege allows the user to view certain information, write privilege allows the user to make alterations to certain information and execute privilege allows the user to create new files or folders. These levels of access may be specific to a certain user or a certain system.
Software updating: This is where software implements updates from the manufacturer. These ‘patches’ fix issues with faults and vulnerabilities in the software which could be manipulated by a potential hacker. Generally software updating is automatic.
Public Private Key encryption: Encryption turns information or data into an unrecognizable format of cipher. A public key is available to everyone whereas a private key is confidential to its owner. If a document is sent and it needs to be secure it is encrypted with the public key of the user it is being sent to, and can only be decrypted by the corresponding private key that the recipient has access to. This means that if someone gains access to the document in its encrypted form they won’t be able to decrypt it without the intended recipient’s private key. This means that the document can be sent in confidentiality without fear of it being interpreted by someone it is not intended for.
Disaster recovery: If a disaster such as a flood, fire or theft of data or information occurs then a disaster recovery plan setup in advance is of vital importance. One way of recovering lost data or information is by the use of backups. If the data or information has been backed up in an external media device in a safe place such as on an optical disc or on paper then the required data/information only needs to be retrieved from its safe location and the data/information is recovered, this reduces the downtime resulting from the disaster. Another form of disaster recovery is the use of a system backup, which is a mirror image of the computer systems used by the business; this means if there is a failure with one or all of the systems then the backup system can be put in place to prevent downtime caused by the failure. If damage occurs to the hardware of the system then spare parts that are kept in case of hardware failure are a good idea, however this is not very cost effective. Alternatively, in the case of a fire or flood and an entire system has been made unusable then a whole system replacement may be required, this may be stored as a backup in a safe place or bought in reaction to the disaster, this is the least effective way to prevent downtime.